CN107919955A

CN107919955A - A kind of vehicle network safety certifying method, system, vehicle, device and medium

Info

Publication number: CN107919955A
Application number: CN201711466778.1A
Authority: CN
Inventors: 刘健皓; 宋戈
Original assignee: Beijing Qihoo Technology Co Ltd
Current assignee: Anxinxing Beijing Technology Co ltd
Priority date: 2017-12-28
Filing date: 2017-12-28
Publication date: 2018-04-17
Anticipated expiration: 2037-12-28
Also published as: CN107919955B

Abstract

The present invention discloses a kind of network security certification method, system, vehicle, device and medium, and vehicle, which includes vehicle-carrying communication box, gateway and automobile specified microcomputerized controller, method, to be included：Vehicle-carrying communication box receives the order that remote service business sends, and carries out certificate verification to the order according to the certificate that PKI is issued in advance；If vehicle-carrying communication box certificate verifies successfully, the order is sent to gateway；Gateway carries out certificate verification according to the certificate that PKI is issued in advance to the order；If the pass certificate verifies successfully, the order is sent to automobile specified microcomputerized controller；Automobile specified microcomputerized controller carries out certificate verification according to the certificate that PKI is issued in advance to the order；If automobile specified microcomputerized controller certificate verifies successfully, the order is performed.The method and apparatus that the application provides realize the technique effect for ensureing vehicle network safety to solve vehicle networked existing network security problem of the prior art.

Description

A kind of vehicle network safety certifying method, system, vehicle, device and medium

Technical field

The present invention relates to technical field of automotive electronics, more particularly to a kind of vehicle network safety certifying method, system, car , device and medium.

Background technology

With the expansion of city size and the raising of per capita income, vehicle is increasingly popularized, more and more people's life It is unable to do without vehicle.

In order to allow user can more convenient and more light satisfied, the weight that car manufactures are researched and developed at present in driving procedure One of heart is exactly automotive electronics, and intelligent driving, speech play, intelligent navigation, air purification are provided to the user by automotive electronics Largely it is required for access network to realize with function services, above-mentioned function services such as communication exchanges, vehicle networked has been not Evitable trend.

However, the network safety prevention scheme due to not being suitable for vehicle still currently, vehicle is accessed after network with regard to inevitable Face network security problem, the leakage of owner information, the leakage of communication information, the distorting of vehicle software, vehicle control data Distort and the invasion of Malware all can carry out great risk to the driving safety of vehicle and the safety belt of car owner.

As it can be seen that of the prior art, vehicle networked there are larger network security problem.

The content of the invention

In view of the above problems, it is proposed that the present invention overcomes the above problem in order to provide one kind or solves at least in part State vehicle network safety certifying method, system, vehicle, device and the medium of problem.

First aspect, there is provided a kind of method for carrying out vehicle network safety certification, the vehicle include vehicle-carrying communication Box (Telematics BOX, T-BOX), gateway and automobile specified microcomputerized controller (Electronic Control Unit, ECU), the described method includes：

The vehicle-carrying communication box receives the order that remote service business sends, and according to Public Key Infrastructure (Public Key Infrastructure, PKI) certificate that issues in advance carries out certificate verification to the order；If the vehicle-carrying communication box card Book verifies successfully, then sends the order to the gateway；

The gateway carries out certificate verification according to the certificate that the PKI is issued in advance to the order；It is if described Gateway certificate verifies successfully, then sends the order to the automobile specified microcomputerized controller；

The automobile specified microcomputerized controller carries out certificate according to the certificate that the PKI is issued in advance to the order Verification；If the automobile specified microcomputerized controller certificate verifies successfully, the order is performed.

Optionally, the method further includes：The component root certificate that component on vehicle described in certification carries whether with it is described Unique root certificate matching of the vehicle manufacturers of vehicle, unique root certificate are the vehicles that authentication system is the vehicle Manufacturer corresponds to the root certificate of distribution, and the authentication system is established beforehand through PKI；If the component that the component carries Root certificate is corresponding with unique root certificate, then opens the communication authority of the component and the vehicle；Otherwise the portion is closed The communication authority of part and the vehicle.

Optionally, the method further includes：Receive over the air (Over-the-Air Technology, OTA) The upgrade package that cloud server issues；Whether upgrade package described in certification is upgrade package that trusted servers issue；If the liter The upgrade package that level bag sends for trusted servers, then write with a brush dipped in Chinese ink the upgrade package into the corresponding component of the upgrade package, with upgrading The component.

Optionally, whether upgrade package described in the certification is upgrade package that trusted servers issue, including：It is pre- according to PKI Whether the signature mechanism of the certificate combination PKI first issued, upgrade package described in certification are upgrade package that trusted servers issue.

Optionally, the component is the vehicle-carrying communication box, the corresponding hardware of the gateway or the automobile specified microcomputer Controller.

Optionally, the vehicle further includes safety chip, the certificate that key logic, the PKI of the vehicle are issued with And PKI is that the vehicle communication is default or the key that issues of dynamic is stored in the safety chip.

Optionally, the method further includes：The safety chip, which receives, is not belonging to the outside that the equipment of the vehicle is sent Data, and the external data is decrypted according to the certificate or key stored in the safety chip；The safety chip The external data after decryption is sent to the component of the corresponding vehicle of the external data；Alternatively, the safe core Piece receives the internal data that the component of the vehicle is sent, and according to the certificate or key stored in the safety chip to described Internal data is encrypted；It is corresponding right to the internal data that the safety chip sends the encrypted internal data As.

Optionally, the method further includes：Detect whether that unverified channel accesses the number stored in the safety chip According to；If detect that unverified channel accesses the data stored in the safety chip, destroy the unverified channel and visit The data asked.

Second aspect, there is provided a kind of network safety system, the system are applied to vehicle, including：

Authentication subsystem, the authentication subsystem establish remote service provider, vehicle-carrying communication by Public Key Infrastructure Trust systems between box, gateway and automobile specified microcomputerized controller；And authentication system is established by PKI, pass through institute State the vehicle manufacturers that authentication system is the vehicle and distribute corresponding unique root certificate；

Upgrade subsystem, the upgrading subsystem uses

Over the air is the vehicle-carrying communication box, the gateway and the automobile specified microcomputerized controller establish upgrading Passage.

The third aspect, there is provided a kind of vehicle, the vehicle include vehicle body, further include：

Upgrade subsystem, the upgrading subsystem uses

Fourth aspect, there is provided a kind of system for carrying out vehicle network safety certification, the vehicle include vehicle-carrying communication Box, gateway and automobile specified microcomputerized controller, the system comprises：

Communication cartridge authentication module, for the order for controlling the vehicle-carrying communication box reception remote service business to send, and according to The First Certificate that Public Key Infrastructure issues in advance carries out certificate verification to the order；If the vehicle-carrying communication box certificate school Success is tested, then sends the order to the gateway；

Gateway authentication module, for controlling the second certificate that the gateway issues in advance according to the PKI to the order Carry out certificate verification；If the gateway certificate verifies successfully, the order is sent to the automobile specified microcomputerized controller；

Microcomputer authentication module, for control that the automobile specified microcomputerized controller issues in advance according to the PKI the 3rd Certificate carries out certificate verification to the order；If the automobile specified microcomputerized controller certificate verifies successfully, described in execution Order.

Optionally, the system also includes：Root certificate authentication module, the portion carried for the component described in certification on vehicle Whether part root certificate matches with unique root certificate of the vehicle manufacturers of the vehicle, and unique root certificate is authentication body It is to correspond to the root certificate distributed for the vehicle manufacturers of the vehicle, the authentication system is established beforehand through PKI；Open Module, if corresponding with unique root certificate for the component root certificate that the component carries, opens the component and institute State the communication authority of vehicle；Closedown module, for otherwise closing the communication authority of the component and the vehicle.

Optionally, the system also includes：Receiving module, the liter issued for receiving over the air cloud server Level bag；Whether upgrade package authentication module, be upgrade package that trusted servers issue for upgrade package described in certification；Writing module, If being the upgrade package that trusted servers are sent for the upgrade package, the upgrade package is write with a brush dipped in Chinese ink and is corresponded into the upgrade package Component, to upgrade the component.

Optionally, the upgrade package authentication module is additionally operable to：According to the signature machine of the PKI certificate combination PKI issued in advance Whether system, upgrade package described in certification are upgrade package that trusted servers issue.

Optionally, the safety chip further includes：Decryption unit, receives for the safety chip and is not belonging to the vehicle The external data that sends of equipment, and the external data is solved according to the certificate or key stored in the safety chip It is close；The safety chip sends the external data after decryption to the component of the corresponding vehicle of the external data； Encryption unit, the internal data of the component transmission of the vehicle is received for the safety chip, and according to the safety chip The internal data is encrypted in the certificate or key of middle storage；The safety chip sends out the encrypted internal data Send object corresponding to the internal data.

Optionally, the safety chip further includes：Detection unit, for detecting whether there is unverified channel to access the peace The data stored in full chip；Unit is destroyed, if stored for having detected that unverified channel is accessed in the safety chip Data when, destroy the data that the unverified channel accesses.

5th aspect, there is provided a kind of vehicle, including vehicle-carrying communication box, gateway, automobile specified microcomputerized controller and the 4th The system of network security certification described in aspect.

6th aspect, there is provided a kind of network safety system, including memory, processor and storage are on a memory and can be The computer program run on processor, the processor realize the method described in first aspect when performing described program.

7th aspect, there is provided a kind of computer-readable recording medium, is stored thereon with computer program, which is processed Device realizes the method described in first aspect when performing.

The technical solution provided in the embodiment of the present application, has at least the following technical effects or advantages：

Automotive networking safety certifying method, system, vehicle, device and medium provided by the embodiments of the present application, PKI is applied In vehicle, and it is arranged on order and is controlled from top to bottom along remote service provider, vehicle-carrying communication box, gateway and automobile specified microcomputer When the order of device issues, each downstream site can be carried out according to the order that the certificate that PKI is issued in advance issues superior node Certificate verifies, and just to next stage node forward command again or can perform order after certificate verifies successfully, avoid illegal command By illegal means it is direct under reach the bottom layer node such as gateway or automobile specified microcomputerized controller, not only avoid malicious commands The each node for also enabling lawful order to arrive safe and sound vehicle is invaded, has ensured the network security of vehicle.

Further, network security certification method provided by the embodiments of the present application, system, vehicle, device and medium, pass through PKI establishes the trust body between remote service provider, vehicle-carrying communication box, gateway and automobile specified microcomputerized controller.Also pass through PKI establishes authentication system, corresponding unique for the vehicle manufacturers distribution of the vehicle by the authentication system Root certificate, avoids the use of the component or component of poor quality of other vehicles on vehicle, improves security.Further, using OTA The upgrading channel of safety is established for the vehicle-carrying communication box, the gateway and the automobile specified microcomputerized controller, it is ensured that vehicle Each node can rapid safety upgrade, to avoid the reparation of delay security breaches, further improve vehicle network safety Property.

Described above is only the general introduction of technical solution of the present invention, in order to better understand the technological means of the present invention, And can be practiced according to the content of specification, and in order to allow above and other objects of the present invention, feature and advantage can Become apparent, below especially exemplified by the embodiment of the present invention.

Brief description of the drawings

By reading the detailed description of hereafter preferred embodiment, it is various other the advantages of and benefit it is common for this area Technical staff will be clear understanding.Attached drawing is only used for showing the purpose of preferred embodiment, and is not considered as to the present invention Limitation.And in whole attached drawing, identical component is denoted by the same reference numerals.In the accompanying drawings：

Fig. 1 is the flow chart for being used to carry out the method for vehicle network safety certification in the embodiment of the present invention；

Fig. 2 is the structure diagram of network safety system in the embodiment of the present invention two；

Fig. 3 is the structure diagram of vehicle in the embodiment of the present invention three；

Fig. 4 is the structure diagram of network safety system in the embodiment of the present invention four；

Fig. 5 is the structure diagram of network safety system in the embodiment of the present invention five；

Fig. 6 is the structure diagram of storage medium in the embodiment of the present invention；

Fig. 7 is the structure diagram of vehicle in the embodiment of the present invention seven.

Embodiment

Technical solution in the embodiment of the present application, general thought are as follows：

PKI is introduced on vehicle to establish the trust systems of each node, that is, is arranged on order from top to bottom along remote service When provider, vehicle-carrying communication box, the order of gateway and automobile specified microcomputerized controller issue, each downstream site can be according to Order that the certificate that PKI is issued in advance issues superior node carries out certificate verification, just can be under again after certificate verifies successfully First nodes forward command performs order, avoid illegal command by illegal means it is direct under reach gateway or automobile specified The bottom layer nodes such as microcomputerized controller so that lawful order can arrive safe and sound each node of vehicle, ensure the network peace of vehicle Entirely.

The exemplary embodiment of the disclosure is more fully described below with reference to accompanying drawings.Although the disclosure is shown in attached drawing Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here Limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure Completely it is communicated to those skilled in the art.

Embodiment one

A kind of method for carrying out vehicle network safety certification is present embodiments provided, is please referred to Fig.1, Fig. 1 is this Shen It please be used for the flow chart for carrying out the method for vehicle network safety certification in embodiment, the vehicle includes vehicle-carrying communication box, gateway With automobile specified microcomputerized controller, the described method includes：

Step S101, the vehicle-carrying communication box receive the order that remote service business sends, and the card issued in advance according to PKI Book carries out certificate verification to the order；If the vehicle-carrying communication box certificate verifies successfully, described order to described is sent Gateway；

Step S102, the gateway carry out certificate verification according to the certificate that the PKI is issued in advance to the order；If The gateway certificate verifies successfully, then sends the order to the automobile specified microcomputerized controller；

Step S103, the automobile specified microcomputerized controller according to the certificate that the PKI is issued in advance to it is described order into Row certificate verifies；If the automobile specified microcomputerized controller certificate verifies successfully, the order is performed.

Before the specific implementation step of the present embodiment is introduced, PKI technologies are first introduced, PKI technologies use certificate management public key, By third-party trusted authorities authentication center (Certificate Authority, CA), the public key of user and user Other identifier information (such as vehicle manufacturers or testing vehicle register mark) bundles, and in the identity of line verification user. And PKI technology combination digital certificates can also be used, the digital information transmitted to needs is encrypted, and ensures that digital information passes Defeated confidentiality and integrality, and pass through the authenticity and non-repudiation of guarantee identity of signing.

This implementation manages key and certificate using PKI, and the network environment of a safety is established for vehicle network, and will PKI certificate verifications have been deep into the bottoms such as gateway and ECU and have performed node, are arranged on order and are provided from top to bottom along remote service When business, vehicle-carrying communication box, the order of gateway and automobile specified microcomputerized controller issue, each downstream site can be pre- according to PKI The order that the certificate first issued issues superior node carries out certificate verification, just can be to next stage section again after certificate verifies successfully Point or performs order at forward command, avoid illegal command by illegal means it is direct under reach gateway or automobile specified microcomputer control The bottom layer nodes such as device processed, the invasion that not only avoid malicious commands also enable lawful order to arrive safe and sound each section of vehicle Point, has ensured the network security of vehicle.

In the following, the specific implementation step of method provided by the embodiments of the present application is discussed in detail with reference to Fig. 1：

First, step S101 is performed, the vehicle-carrying communication box receives the order that remote service business sends, and pre- according to PKI The First Certificate first issued carries out certificate verification to the order；If the vehicle-carrying communication box certificate verifies successfully, send It is described to order to the gateway.

In the embodiment of the present application, the remote service business, that is, Telematics Service Provider, referred to as TSP, the remote service provider of vehicle be to vehicle user provide application or the text being showed on vehicle part, image, The platform vendor of audio, video or multimedia messages.

For example, when vehicle mounted guidance is installed on vehicle, the navigation of navigation data is provided to the vehicle mounted guidance component Platform vendor is the remote service business of vehicle.Alternatively, when mobile TV component is installed on vehicle, to the mobile TV portion The broadcasting and TV platform that part sends television programme data is the remote service business of the vehicle.

It should also be noted that, the vehicle-carrying communication box, that is, T-BOX is mainly used for vehicle and background system or mobile phone application The communication of (Application, APP), therefore when TSP sends a command to the vehicle, can first by the T-BOX on the vehicle Lai Receive order.

In the embodiment of the present application, in order to avoid illegal command source sends illegal command to the T-BOX, to disturb car The normal work of component, the T-BOX is when receiving the order that the TSP is sent, the certificate that can first be issued in advance according to PKI Certificate verification is carried out to the order.

Specific checking procedure can be carried out with reference to digital certificate, secret key and digital signature, and two kinds of verifications are provided below Process：

The first, is verified according to the digital certificate of the legal remote service business to prestore.

The lawful order source approved for the production firm of the vehicle, the CA by PKI is each legitimate origin Respective digital certificate is generated, and the digital certificate of each legitimate origin of authenticated mistake is handed down to the vehicle and is deposited Storage.

For example, digital certificate A is generated to remote service business A, digital certificate B is generated to remote service business B, and by institute The vehicle that digital certificate A and the digital certificate B are handed down to the production firm is stated to be stored.

Further, when T-BOX transmitting order to lower levels of the remote service business to the vehicle, it can carry and send remote service business Digital certificate to the T-BOX of the vehicle, whether T-BOX can first judge the digital certificate with being stored in advance in the vehicle Certain digital certificate matching in legitimate digital set of certificates, if it does, the T-BOX certificates verify successfully.

Certainly, in specific implementation process, secret key and digital signature be can be combined with to be verified, to further improve Security：

First, when T-BOX transmitting order to lower levels of the remote service business to the vehicle, it can carry and send remote service business Digital certificate and digital signature to the vehicle T-BOX.Wherein, the digital certificate includes the public affairs generated by the CA of PKI Key, the digital signature include in plain text and use the character string of private key encryption.

Need some below explanation：The private key is corresponding with the public key, can be to using the private key using the public key Encrypted character string is decrypted；It is default that the character string can be that the remote service business consults with the vehicle in advance Character string, the character string can also be the extraction algorithms consulted in advance with the vehicle according to the remote service business, from The character string extracted in the plaintext；The plaintext can be that the specific of the order performs code.

Then, T-BOX can first judge the digital certificate whether with the legitimate digital certificate that is prestored in the vehicle Certain digital certificate matching in set, if it does, then using the public key in the digital certificate to being used in the digital signature The character string of private key encryption is decrypted, and obtains the character string.

If next, the character string is the preset characters that the remote service business consults with the vehicle in advance String, then directly the character string is compared with preset characters string, the order that such as matching is just issued according to performing in plain text；If institute It is the extraction algorithm consulted in advance with the vehicle according to the remote service business to state character string, is extracted from the plaintext Character string, then the character string is compared with plaintext, judges whether the character string is from being stated clearly according to default extraction algorithm Extracted in text, the order then issued in this way according to performing in plain text.

Specifically, verified, can effectively be kept away by the way of the digital certificate combination secret key and digital signature of PKI Exempt from caused by being verified only with digital certificate, the safety problem occurred after digital certificate is stolen, further support vehicles Network security.

Second, verified according to the digital certificate of the Vehicle manufacturers.

Corresponding digital certificate is generated for Vehicle manufacturers by the CA of PKI, and the digital certificate of generation is sent Each legal remote service business that production firm to the vehicle is approved is stored.

For example, digital certificate A is generated to Vehicle manufacturers A, digital certificate B is generated to Vehicle manufacturers B, and The digital certificate A is sent to each remote service business that the Vehicle manufacturers A certifications pass through to be stored；By described in Digital certificate B is sent to each remote service business that the Vehicle manufacturers B certifications pass through and is stored.

Further, when T-BOX transmitting order to lower levels of the remote service business to the vehicle, it can carry and send remote service business Obtain before, the T-BOX of the corresponding digital certificate of production firm of the vehicle to the vehicle, T-BOX can first judge the numeral Whether the digital certificate of the Vehicle manufacturers with being stored in advance in the vehicle matches certificate, if it does, the T- BOX certificates verify successfully.

Certainly, in specific implementation process, can equally be verified with reference to secret key and digital signature, further to carry High security：

First, when T-BOX transmitting order to lower levels of the remote service business to the vehicle, it can carry and send the Vehicle manufacturers Corresponding digital certificate and digital signature to the vehicle T-BOX.Wherein, the digital certificate includes giving birth to by the CA of PKI Into public key, the digital signature include in plain text and using private key encryption character string.

Then, T-BOX can first judge the digital certificate whether with the vehicle production that is stored in advance in the vehicle The digital certificate matching of manufacturer, if it does, then using the public key in the digital certificate to using private key in the digital signature Encrypted character string is decrypted, and obtains the character string.

Certainly, in specific implementation process, the process of certificate verification is not limited to both the above, can be set as needed Put, this is not restricted.

After the T-BOX certificates verify successfully, the order can be sent to the gateway.

Then, step S102 is performed, the gateway carries out certificate according to the certificate that the PKI is issued in advance to the order Verification；If the gateway certificate verifies successfully, the order is sent to the automobile specified microcomputerized controller.

In the embodiment of the present application, the gateway can be the on-vehicle safety central gateway of the vehicle, specifically, institute The zone isolation of bus network can be carried out by stating on-vehicle safety central gateway, to controller local area network (Controller Area Network, CAN) bus signals carry out management and control, and bus intrusion behavior is detected, and protect ECU not to be held as a hostage.

In the embodiment of the present application, come in and go out in order to which zone isolation and detection can be carried out before the ECU is reached under order Behavior is invaded, the order first can be issued to gateway by the T-BOX, then be issued to the ECU by gateway.

Further, the gateway is to can guarantee that the order received is legitimate origin, rather than exterior illegal platform or Illegality equipment palms off the order that the T-BOX is issued, and the gateway can also verify the order.Therefore under the T-BOX The remote service business can also be carried by, which being sent in the order of the gateway, sends digital certificate.

In the embodiment of the present application, the gateway carries out the process of certificate verification and T-BOX described in step S101 is carried out The method of certificate verification is identical, in order to illustrate the succinct of book, does not do tired state herein.

Further, it is described if the gateway is the certificate verification carried out with reference to digital certificate, secret key and digital signature T-BOX, which is issued in the order of the gateway, can also carry the remote service business transmission digital certificate and digital signature, described It can include public key in digital certificate, the digital signature can include private key corresponding with the public key is used in plain text and be encrypted Character string.Specific method of calibration is also demonstrate,proved with T-BOX combinations digital certificate described in step S101, secret key and digital signature The method of book verification is identical, in order to illustrate the succinct of book, does not do tired state herein.

After the gateway certificate verifies successfully, the order can be sent to the ECU.

Next, perform step S103, the card that the automobile specified microcomputerized controller ECU is issued in advance according to the PKI Book carries out certificate verification to the order；If the automobile specified microcomputerized controller certificate verifies successfully, the life is performed Order.

In the embodiment of the present application, the ECU is also known as " car running computer " or " vehicle-mounted computer ", by microprocessor (CPU), deposits The large scale integrated circuit such as reservoir (ROM, RAM), input/output interface (I/O), analog-digital converter (A/D) and shaping, driving Composition.Different vehicle functions can be controlled using different ECU, for example, ECU can be set to the lighting a fire of engine, empty The multiple parameters such as combustion ratio, the recycling of idling, exhaust gas are controlled, and can also set ECU control anti-lock braking system, can be with Set ECU to control four-wheel drive system, ECU can also be set to control electronic automatic transmission, ECU controls can also be set actively Suspension system, can also set ECU to control air bag system, and ECU can also be set to control multidirectional adjustable electronic control seat.

As it can be seen that ECU controls the specific execution of the every aspect functions such as vehicle safety operation and vehicle comfort level, if Illegal malicious commands invasion is issued to ECU, can then bring life danger to vehicle driver weight, gently then influence to take and operation is relaxed Appropriateness.

In consideration of it, when the embodiment of the present application is arranged on the gateway transmitting order to lower levels to the ECU, ECU connects to can guarantee that Received order is legitimate origin, rather than exterior illegal platform or illegality equipment palm off the order that the gateway directly issues, ECU also can carry out certificate verification based on PKI to the source of order.Therefore the gateway is issued in the order of the ECU and can also take Digital certificate is sent with the remote service business.

In the embodiment of the present application, the process of the ECU progress certificate verification is demonstrate,proved with T-BOX described in step S101 The method of book verification is identical, in order to illustrate the succinct of book, does not do tired state herein.

Further, it is described if the ECU is the certificate verification carried out with reference to digital certificate, secret key and digital signature Gateway, which is issued in the order of the ECU, can also carry the remote service business transmission digital certificate and digital signature, the number It can include public key in word certificate, the digital signature can include the word that private key corresponding with the public key is used is encrypted in plain text Symbol string.Specific method of calibration also carries out certificate with T-BOX combinations digital certificate described in step S101, secret key and digital signature The method of verification is identical, in order to illustrate the succinct of book, does not do tired state herein.

After the ECU certificates verify successfully, the order can be just performed.

Specifically, be arranged on order from business from top to bottom along remote service provider, vehicle-carrying communication box, gateway and When the order of automobile specified microcomputerized controller issues, each downstream site can save higher level according to the certificate that PKI is issued in advance The order that point issues carries out certificate verification, and just to next stage node forward command again or life can be performed after certificate verifies successfully Order, avoid illegal command by illegal means it is direct under reach the bottom layer node such as gateway or automobile specified microcomputerized controller, make Lawful order can arrive safe and sound each node of vehicle, finally arrive safe and sound ECU, has ensured the network security of vehicle.

In the embodiment of the present application, safe source when order issues is not only allowed for, it is also contemplated that vehicle upper part Safety, details are as follows：

Specifically, if what component of poor quality or other depots produced is installed on car with the unmatched component of the vehicle When, larger safety and leaking data hidden danger can be also brought to vehicle.Therefore the present embodiment also establishes identity by PKI for vehicle Authentication system, so as to avoid the use on vehicle of component or component of poor quality of other vehicles, further improves security.Tool The identity identifying method of body is as follows：

First, by the authentication system corresponding unique root certificate is distributed for the vehicle manufacturers of the vehicle.

Specifically, a unique corresponding unique root certificate is generated for each depot by the CA of PKI respectively, then will It is respectively allocated to corresponding Vehicle manufacturers, and the Vehicle manufacturers demonstrate,prove unique root of this manufacturer before vehicle release Book is stored into each crucial component of vehicle.

For example, generating unique root certificate A to Vehicle manufacturers A, unique root certificate B is generated for Vehicle manufacturers B, By certificate distribution to corresponding Vehicle manufacturers, Vehicle manufacturers A deposits unique root certificate A before its vehicle depot PKI Store up to the critical component of the vehicle, Vehicle manufacturers B and store unique root certificate B to the car before its vehicle depot Critical component wherein, unique root certificate A is differed with the uniquely root certificate B.

Then, the component root certificate that component on vehicle described in certification carries whether with the vehicle manufacturers of the vehicle Unique root certificate matching, unique root certificate are that the vehicle manufacturers that authentication system is the vehicle correspond to the root of distribution Certificate, the authentication system are established beforehand through PKI.

Specifically, when there is component to be installed on the vehicle, the vehicle can first judge whether deposited in the component Root certificate is contained, if do not stored, then it is assumed that certification is not by closing the communication authority of the component and the vehicle, such as Fruit has storage, then obtains the component root certificate of storage, and judge the component root certificate whether unique root with the vehicle storage Credentials match.

If the component root certificate that the component carries is corresponding with the uniquely root certificate, open the component with it is described The communication authority of vehicle；Otherwise the communication authority of the component and the vehicle is closed.

The closing authentication system established by above-mentioned PKI, can effectively avoid component of poor quality and different vendor's component from using On vehicle, caused safety and privacy compromise problem.

In the embodiment of the present application, the safe source of the safe source and component when order issues is not only allowed for, is also examined The safety of vehicle upper part and logical update is considered, details are as follows：

Specifically, due to hacking technique development rapidly, different principle and not will be developed in a short period of time With the network attack of invasion mode, if component and key logic on vehicle without timely loophole reparation and renewal, very Vehicle infringement under attack is easy to cause, and safety problem and privacy compromise problem occurs.

In consideration of it, the present embodiment additionally provides the method that full-range safety upgrade passage is established by OTA, OTA is logical The air interface for crossing mobile communication (GSM or CDMA) carries out data and application the technology of remote management.Air interface can adopt With Wireless Application Protocol (WAP), general packet radio service technology (GPRS) and short message service technology etc..By the way that OTA technologies are used Enable the quickly timely and safe upgrading of each node of vehicle in vehicle safety network so that the time of upgrading is not easily susceptible to vehicle The influence of local environment, can ensure that the timely rapid reparation of security breaches.

In the embodiment of the present application, the vehicle-carrying communication box on the vehicle, the gateway corresponding hardware or described The components such as automobile specified microcomputerized controller can be upgraded by the OTA safety upgrade passages established.

The method that upgrade package upgrading is carried out especially by OTA is as follows：

First, vehicle receives the upgrade package that issues of OTA cloud servers, the upgrade package can be staff it is advance on Reach the OTA cloud servers.

Then, whether upgrade package described in vehicle authentication is upgrade package that trusted servers issue；If the upgrade package is The upgrade package that trusted servers are sent, then write with a brush dipped in Chinese ink the upgrade package into the corresponding component of the upgrade package, to upgrade the portion Part.

Specifically, the trusted servers are the servers of the Vehicle manufacturers, or beforehand through described The server of the remote service provider of Vehicle manufacturers certification.For example, the navigation platform server that pre-authentication is crossed, or in advance The broadcasting and TV Platform Server first authenticated.

In the embodiment of the present application, in order to ensure the credible and safe of upgrade package source, by the upgrade package write with a brush dipped in Chinese ink into Before component, it is also necessary to which whether the source for verifying the upgrade package is trusted servers, the card that can be specifically issued in advance according to PKI Whether book, upgrade package described in certification are upgrade package that trusted servers issue.

Specifically, digital certificate can be added in the upgrade package for being uploaded to the OTA cloud servers, passes through verification The digital certificate verifies the source of the upgrade package.The process of specific check digit certificate and T- described in step S101 The method that BOX carries out digital certificate verification is identical, in order to illustrate the succinct of book, does not do tired state herein.

Further, if whether upgrade package is to convince with reference to described in digital certificate, secret key and digital signature carry out certification The upgrade package that business device issues, then add digital certificate and digital signature in the upgrade package for being uploaded to the OTA cloud servers, It can include public key in the digital certificate, the digital signature can include private key corresponding with the public key is used in plain text and be added Close character string.Specific method of calibration also with T-BOX combinations digital certificate described in step S101, secret key and digital signature into The method of row certificate verification is identical, in order to illustrate the succinct of book, does not do tired state herein.

For example, by taking the T-BOX on vehicle needs to upgrade as an example：

First, when the technical staff of vehicle manufacturers, which studies, to be found there are new security breaches, can develop for the peace The upgrade package of full loophole, and the upgrade package is uploaded to OTA cloud servers, carrying PKI in the upgrade package distributes to The digital certificate and digital signature of the vehicle generation manufacturer, wherein, the digital certificate includes what is generated by the CA of PKI Public key, the digital signature include in plain text and use the character string of private key encryption；

Need some below explanation：The private key is corresponding with the public key, can be to using the private key using the public key Encrypted character string is decrypted；It is default that the character string can be that the vehicle manufacturers are consulted with the vehicle in advance Character string, the character string can also be the extraction algorithms consulted in advance with the vehicle according to the vehicle manufacturers, from The character string extracted in the plaintext；The plaintext can be that the specific of the upgrade package performs code.

Then, which can be issued to the T-BOX of vehicle by OTA cloud servers.After T-BOX receives upgrade package, In order to ensure the credible of upgrade package source, it can first judge whether digital certificate therein matches with the digital certificate of vehicle storage, If it does, then using the public key in the digital certificate to being solved in the digital signature with the character string of private key encryption It is close, obtain the character string.

If next, the character string is the preset characters that the vehicle manufacturers are consulted with the vehicle in advance String, then directly the character string is compared with preset characters string, and such as matching just writes with a brush dipped in Chinese ink the upgrade package into T-BOX hardware.Such as Character string described in fruit is the extraction algorithm consulted in advance with the vehicle according to the vehicle manufacturers, is carried from the plaintext The character string taken, then the character string is compared with plaintext, judges whether the character string is from institute according to default extraction algorithm State what is extracted in text clearly, in this way then write with a brush dipped in Chinese ink the upgrade package into T-BOX hardware.

Finally, the T-BOX is restarted to complete to upgrade.

Specifically, before by upgrade package brush read-in unit, the verification in upgrade package source is first carried out, is avoided that illicit sources Damage and data of the upgrade package to critical component steal, improve vehicle safety.Further, combined using the digital certificate of PKI The mode of secret key and digital signature carries out upgrade package source-verify, can effectively avoid only with digital certificate carrying out verification causing , the safety problem occurred after digital certificate is stolen, further support vehicles network security.

In the embodiment of the present application, it is foregoing：The verification of order source, the source verification of component and the source verification of upgrade package When, digital certificate and key are used, if however, digital certificate and key are stolen, the defence line of network security can be by easily Rout, it will serious safety problem occur.

In consideration of it, the present embodiment, which is also combined safety chip (Secure Element, SE) with PKI and OTA, is used for vehicle In, the Network Security Environment basis as vehicle.Wherein, safety chip is can independently to carry out key storage and the dress of encryption and decryption Put, inside possesses independent processor and storage unit, can store key, characteristic and key logic.With safety chip into Row encryption and decryption, code data can only export, and cannot input, and the computing so encrypted and decrypted is pacified inside safety chip It is complete to carry out, and since key is stored in hardware, stolen data can not decrypt, so as to protect business privacy and data to pacify Entirely.

For example, PKI distributes to digital certificate (including unique root certificate of Vehicle manufacturers and the long-range clothes of vehicle Digital certificate after business business certification success), various keys (including prestore key, the fingerprint of door opening, with remote service commercial treaty The fixed preset characters string or the extraction algorithm of the preset characters string) and key logic be stored in the SE, if Want to crack and obtain these data and just need to crack safety chip first, therefore can effectively avoid being stolen.

Further, the encryption to data and decryption (including with decryption of the public key to the preset characters string) are also in the peace Carry out in full chip, be stolen to avoid key.Specifically, the safety chip can receive the equipment for being not belonging to the vehicle The external data of transmission, and the external data is decrypted according to the certificate or key stored in the safety chip；Institute Safety chip is stated to send the external data after decryption to the component of the corresponding vehicle of the external data；Alternatively, The safety chip receives the internal data that the component of the vehicle is sent, and according to the certificate stored in the safety chip or The internal data is encrypted in key；The safety chip sends the encrypted internal data to the internal number According to corresponding object.

For example, by remote service business to exemplified by the T-BOX transmitting order to lower levels of the vehicle：

Then, T-BOX can send received digital certificate and digital signature to SE, by SE according to the number stored in SE Word certificate first judge the digital certificate whether with certain numeral in the legitimate digital set of certificates that is prestored in the vehicle Credentials match, if it does, then using the public key in the digital certificate to using private key encryption in the digital signature by SE Character string is decrypted, and obtains the character string.

Next, SE judges whether the character string extracts with the preset characters string stored in SE or the extraction algorithm String matching, if it matches, then SE can send information notice T-BOX, then by T-BOX by it is described order be forwarded to or hold OK.

Specifically, using SE to carry out certificate, password and the storage of key logic, and can be had to carry out encryption and decryption by SE Effect improves vehicle network security.

In specific implementation process, when there is unverified channel to access the data stored in SE, SE, which can take, destroys institute The modes of the data that unverified channel accesses is stated to take precautions against white-box attack, so that protect the storage of key logic and secret key safe, Password is avoided to leak.

Specifically, PKI, OTA and SE are combined the basic network security environment for being used for establishing vehicle by the embodiment of the present application： Trust systems between remote service provider, vehicle-carrying communication box, gateway and automobile specified microcomputerized controller are established by PKI. Authentication system is also established by PKI, is distributed and corresponded to for the vehicle manufacturers of the vehicle by the authentication system Unique root certificate, avoid the use of the component or component of poor quality of other vehicles on vehicle, improve security.Further, OTA is used to establish the upgrading channel of safety for the vehicle-carrying communication box, the gateway and the automobile specified microcomputerized controller, really Each node rapid safety upgrade of energy of vehicle is protected, to avoid the reparation of delay security breaches, further improves vehicle net Network security.Further, set safety chip to store key, characteristic and key logic, and carried out in safety chip Encryption and decryption, can prevent the significant datas such as key, certificate and key logic to be stolen, and be further ensured that vehicle network safety.

Based on same inventive concept, the embodiment of the present invention additionally provides the corresponding system of method in embodiment one, sees implementation Example two.

Embodiment two

As shown in Figure 2, there is provided a kind of network safety system, the system are applied to vehicle, including：

Authentication subsystem 201, the authentication subsystem establish remote service provider, vehicle-mounted logical by Public Key Infrastructure Believe the trust systems between box, gateway and automobile specified microcomputerized controller；And authentication system is established by PKI, pass through The authentication system distributes corresponding unique root certificate for the vehicle manufacturers of the vehicle；

Upgrade subsystem 202, the upgrading subsystem uses over the air as the vehicle-carrying communication box, the gateway Upgrading channel is established with the automobile specified microcomputerized controller.

In the embodiment of the present application, the network safety system further includes safety chip SE, PKI and distributes to the numeral of vehicle Certificate (including digital certificate after unique root certificate and remote service business certification success of Vehicle manufacturers), various keys (including key, the fingerprint of door opening and the fixed preset characters string of remote service commercial treaty or the preset characters string to prestore Extraction algorithm) and key logic be stored in the SE, if it is desired to crack obtain these data just need to crack first Safety chip, therefore effectively data can be avoided to be stolen.

Further, the encryption to data and decryption (including with decryption of the public key to the preset characters string) are also in the peace Carry out in full chip, be stolen to avoid key.

By the system that the embodiment of the present invention two is introduced, it is used by the method for the implementation embodiment of the present invention one System, so the method introduced based on the embodiment of the present invention one, the affiliated personnel in this area can understand the concrete structure of the system And deformation, so details are not described herein.System belongs to the present invention and is intended to used by the method for every embodiment of the present invention one The scope of protection.

Based on same inventive concept, the embodiment of the present invention additionally provides the corresponding vehicle of method in embodiment one, sees implementation Example three.

Embodiment three

As shown in Figure 3, there is provided a kind of vehicle, the vehicle include vehicle body 301, further include：

Authentication subsystem 302, the authentication subsystem pass through Public Key Infrastructure (Public Key Infrastructure, PKI) establish between remote service provider, vehicle-carrying communication box, gateway and automobile specified microcomputerized controller Trust systems；And authentication system is established by PKI, given birth to by the authentication system for the vehicle of the vehicle Business men distributes corresponding unique root certificate；

Upgrade subsystem 303, the upgrading subsystem uses over the air (Over-the-Air Technology, OTA) it is that the vehicle-carrying communication box, the gateway and the automobile specified microcomputerized controller establish upgrading channel.

In the embodiment of the present application, the vehicle further includes safety chip 304, and PKI distributes to the digital certificate (bag of vehicle Include the digital certificate after unique root certificate and remote service business certification success of Vehicle manufacturers), various keys (including prestore Key, door opening fingerprint, calculate with the extraction of the fixed preset characters string of remote service commercial treaty or the preset characters string Method) and key logic be stored in the SE, if it is desired to crack obtain these data just need to crack safety chip first, Therefore effectively data can be avoided to be stolen.

Further, the encryption to data and decryption (including with decryption of the public key to the preset characters string) are also in the peace Carry out in full chip 304, be stolen to avoid key.

By the vehicle that the embodiment of the present invention three is introduced, to implement the method for the embodiment of the present invention one used by car , so the method introduced based on the embodiment of the present invention one, the affiliated personnel in this area can understand the concrete structure of the vehicle And deformation, so details are not described herein.Vehicle belongs to the present invention and is intended to used by the method for every embodiment of the present invention one The scope of protection.

Based on same inventive concept, the embodiment of the present invention additionally provides the corresponding system of method in embodiment one, sees implementation Example four.

Example IV

As shown in Figure 4, there is provided a kind of system for carrying out vehicle network safety certification, the vehicle include vehicle-carrying communication Box, gateway and automobile specified microcomputerized controller, the system comprises：

Communication cartridge authentication module 401, for controlling the vehicle-carrying communication box to receive the order that remote service business sends, and is pressed The order is carried out according to the First Certificate that Public Key Infrastructure (Public Key Infrastructure, PKI) issues in advance Certificate verifies；If the vehicle-carrying communication box certificate verifies successfully, the order is sent to the gateway；

Gateway authentication module 402, for controlling the second certificate that the gateway issues in advance according to the PKI to the life Order carries out certificate verification；If the gateway certificate verifies successfully, send the order to the automobile specified microcomputer and control Device；

Microcomputer authentication module 403, for control that the automobile specified microcomputerized controller issues in advance according to the PKI Three certificates carry out certificate verification to the order；If the automobile specified microcomputerized controller certificate verifies successfully, institute is performed State order.

In the embodiment of the present application, the system also includes：

Root certificate authentication module, the component root certificate carried for component on vehicle described in certification whether with the vehicle Vehicle manufacturers the matching of unique root certificate, unique root certificate is the vehicle production that authentication system is the vehicle Business corresponds to the root certificate of distribution, and the authentication system is established beforehand through PKI；

Opening module, if corresponding with unique root certificate for the component root certificate that the component carries, is opened The communication authority of the component and the vehicle；

Closedown module, for otherwise closing the communication authority of the component and the vehicle.

In the embodiment of the present application, the system also includes：

Receiving module, for receiving over the air (Over-the-Air Technology, OTA) cloud service The upgrade package that device issues；

Whether upgrade package authentication module, be upgrade package that trusted servers issue for upgrade package described in certification；

Writing module, if being the upgrade package that trusted servers are sent for the upgrade package, by the upgrade package brush The corresponding component of the upgrade package is write, to upgrade the component.

In the embodiment of the present application, the upgrade package authentication module is additionally operable to：

According to the signature mechanism of the PKI certificate combination PKI issued in advance, whether upgrade package described in certification is trusted servers The upgrade package issued.

In the embodiment of the present application, the component is the vehicle-carrying communication box, the corresponding hardware of the gateway or the vapour Car dedicated microcomputer controller.

In the embodiment of the present application, the vehicle further includes safety chip, and key logic, the PKI of the vehicle are issued The certificate and PKI are default or the key that issues of dynamic is stored in the safety chip for the vehicle communication.

In the embodiment of the present application, the safety chip further includes：

Decryption unit, receives for the safety chip and is not belonging to the external data that the equipment of the vehicle is sent, and presses The external data is decrypted according to the certificate or key stored in the safety chip；The safety chip is by after decryption The external data is sent to the component of the corresponding vehicle of the external data；

Encryption unit, the internal data of the component transmission of the vehicle is received for the safety chip, and according to described The internal data is encrypted in the certificate or key stored in safety chip；The safety chip will be encrypted described interior Portion's data sending is to the corresponding object of the internal data.

Detection unit, for detecting whether there is unverified channel to access the data stored in the safety chip；

Unit is destroyed, if during for detecting that unverified channel accesses the data stored in the safety chip, pin Ruin the data that the unverified channel accesses.

By the system that the embodiment of the present invention four is introduced, it is used by the method for the implementation embodiment of the present invention one System, so the method introduced based on the embodiment of the present invention one, the affiliated personnel in this area can understand the concrete structure of the system And deformation, so details are not described herein.System belongs to the present invention and is intended to used by the method for every embodiment of the present invention one The scope of protection.

Based on same inventive concept, the embodiment of the present invention additionally provides the corresponding system of method in embodiment one, sees implementation Example five.

Embodiment five

As shown in figure 5, the present embodiment provides a kind of network safety system, including memory 510, processor 520 and storage On memory 510 and the computer program 511 that can be run on processor 520, the processor 520 perform the computer Following steps are realized during program 511：

The vehicle-carrying communication box receives the order that remote service business sends, and the certificate issued in advance according to PKI is to described Order carries out certificate verification；If the vehicle-carrying communication box certificate verifies successfully, the order is sent to the gateway；

The gateway carries out certificate verification according to the certificate that the PKI is issued in advance to the order；If the gateway Certificate verifies successfully, then sends the order to the automobile specified microcomputerized controller；

The automobile specified microcomputerized controller carries out certificate school according to the certificate that the PKI is issued in advance to the order Test；If the automobile specified microcomputerized controller certificate verifies successfully, the order is performed.

In the embodiment of the present application, the application reality can be realized when the processor 520 performs the computer program 511 Apply any embodiment in example one.

By the system that the embodiment of the present invention five is introduced, it is used by the method for the implementation embodiment of the present invention one System, so the method introduced based on the embodiment of the present invention one, the affiliated personnel in this area can understand the concrete structure of the system And deformation, so details are not described herein.System belongs to the present invention and is intended to used by the method for every embodiment of the present invention one The scope of protection.

Based on same inventive concept, the embodiment of the present invention additionally provides the corresponding storage medium of method in embodiment one, sees Embodiment six.

Embodiment six

The present embodiment provides a kind of computer-readable recording medium 600, as shown in fig. 6, being stored thereon with computer program 611, it is characterised in that the computer program 611 realizes following steps when being executed by processor：

In specific implementation process, when which is executed by processor, it is possible to achieve the embodiment of the present application one Middle any embodiment.

Based on same inventive concept, the embodiment of the present invention additionally provides the corresponding vehicle of method in embodiment one, sees implementation Example seven.

Embodiment seven

As shown in fig. 7, the present embodiment provides a kind of vehicle, including vehicle-carrying communication box 701, gateway 702, automobile specified microcomputer Controller 703 and the system of the network security certification as described in example IV 704.

By the vehicle that the embodiment of the present invention seven is introduced, the vehicle being applied to by the system of the embodiment of the present invention four, So the system introduced based on the embodiment of the present invention four, the affiliated personnel in this area can understand concrete structure and the change of the vehicle Shape, so details are not described herein.The vehicle that the system of every embodiment of the present invention four is applied to belongs to the present invention and is intended to protect The scope of shield.

Further, network security certification method provided by the embodiments of the present application, system, vehicle, device and medium, by PKI, OTA and SE combines the basic network security environment for being used for establishing vehicle：Remote service provider, vehicle-carrying communication are established by PKI Trust systems between box, gateway and automobile specified microcomputerized controller.Authentication system is also established by PKI, by described Authentication system distributes corresponding unique root certificate for the vehicle manufacturers of the vehicle, avoid other vehicles component or Use of the component of poor quality on vehicle, improves security.Further, OTA is used as the vehicle-carrying communication box, the gateway and institute State the upgrading channel that automobile specified microcomputerized controller establishes safety, it is ensured that each node of vehicle rapid safety upgrade of energy, To avoid the reparation of delay security breaches, vehicle network security is further improved.Further, set safety chip close to store Key, characteristic and key logic, and be encrypted and decrypted in safety chip, it can prevent key, certificate and key logic It is stolen Deng significant data, is further ensured that vehicle network safety.

Algorithm and display be not inherently related to any certain computer, virtual system or miscellaneous equipment provided herein. Various general-purpose systems can also be used together with teaching based on this.As described above, required by constructing this kind of system Structure be obvious.In addition, the present invention is not also directed to any certain programmed language.It should be understood that it can utilize various Programming language realizes the content of invention described herein, and the description done above to language-specific is to disclose this hair Bright preferred forms.

In the specification that this place provides, numerous specific details are set forth.It is to be appreciated, however, that the implementation of the present invention Example can be put into practice in the case of these no details.In some instances, known method, structure is not been shown in detail And technology, so as not to obscure the understanding of this description.

Similarly, it will be appreciated that in order to simplify the disclosure and help to understand one or more of each inventive aspect, Above in the description to the exemplary embodiment of the present invention, each feature of the invention is grouped together into single implementation sometimes In example, figure or descriptions thereof.However, the method for the disclosure should be construed to reflect following intention：I.e. required guarantor The application claims of shield features more more than the feature being expressly recited in each claim.It is more precisely, such as following Claims reflect as, inventive aspect is all features less than single embodiment disclosed above.Therefore, Thus the claims for following embodiment are expressly incorporated in the embodiment, wherein each claim is in itself Separate embodiments all as the present invention.

Those skilled in the art, which are appreciated that, to carry out adaptively the module in the equipment in embodiment Change and they are arranged in one or more equipment different from the embodiment.Can be the module or list in embodiment Member or component be combined into a module or unit or component, and can be divided into addition multiple submodule or subelement or Sub-component.In addition at least some in such feature and/or process or unit exclude each other, it can use any Combination is disclosed to all features disclosed in this specification (including adjoint claim, summary and attached drawing) and so to appoint Where all processes or unit of method or equipment are combined.Unless expressly stated otherwise, this specification (including adjoint power Profit requires, summary and attached drawing) disclosed in each feature can be by providing the alternative features of identical, equivalent or similar purpose come generation Replace.

In addition, it will be appreciated by those of skill in the art that although some embodiments in this include institute in other embodiments Including some features rather than further feature, but the combination of the feature of different embodiment means to be in the scope of the present invention Within and form different embodiments.For example, in the following claims, embodiment claimed it is any it One mode can use in any combination.

The all parts embodiment of the present invention can be with hardware realization, or to be run on one or more processor Software module realize, or realized with combinations thereof.It will be understood by those of skill in the art that it can use in practice Microprocessor or digital signal processor (DSP) are realized in gateway according to embodiments of the present invention, proxy server, system Some or all components some or all functions.The present invention is also implemented as being used to perform side as described herein The some or all equipment or program of device (for example, computer program and computer program product) of method.It is such Realizing the program of the present invention can store on a computer-readable medium, or can have the shape of one or more signal Formula.Such signal can be downloaded from internet website and obtained, and either be provided or with any other shape on carrier signal Formula provides.

It should be noted that the present invention will be described rather than limits the invention for above-described embodiment, and ability Field technique personnel can design alternative embodiment without departing from the scope of the appended claims.In the claims, Any reference symbol between bracket should not be configured to limitations on claims.Word "comprising" does not exclude the presence of not Component listed in the claims or step.Word "a" or "an" before component does not exclude the presence of multiple such Component.The present invention can be by means of including the hardware of some different components and being come by means of properly programmed computer real It is existing.In if the unit claim of equipment for drying is listed, several in these devices can be by same hardware branch To embody.The use of word first, second, and third does not indicate that any order.These words can be explained and run after fame Claim.

The invention discloses A1, a kind of method for carrying out vehicle network safety certification, the vehicle include vehicle-mounted logical Believe box, gateway and automobile specified microcomputerized controller, the described method includes：

A2, the method according to A1, it is characterised in that the method further includes：

Whether the component root certificate that the component described in certification on vehicle carries is unique with the vehicle manufacturers of the vehicle Root certificate matches, and unique root certificate is the root card that the vehicle manufacturers that authentication system is the vehicle correspond to distribution Book, the authentication system are established beforehand through PKI；

If the component root certificate that the component carries is corresponding with the uniquely root certificate, open the component with it is described The communication authority of vehicle；

Otherwise the communication authority of the component and the vehicle is closed.

A3, the method according to A1, it is characterised in that the method further includes：

Receive the upgrading that over the air (Over-the-Air Technology, OTA) cloud server issues Bag；

Whether upgrade package described in certification is upgrade package that trusted servers issue；

If the upgrade package is the upgrade package that trusted servers are sent, the upgrade package is write with a brush dipped in Chinese ink into the upgrade package Corresponding component, to upgrade the component.

A4, the method according to A3, it is characterised in that whether upgrade package described in the certification is that trusted servers issue Upgrade package, including：

A5, the method according to A3, it is characterised in that：

The component is the vehicle-carrying communication box, the corresponding hardware of the gateway or the automobile specified microcomputerized controller.

A6, the method according to A1, it is characterised in that the vehicle further includes safety chip, the key of the vehicle The certificate and PKI that logic, PKI are issued for the vehicle communication is default or the key that issues of dynamic be stored in it is described In safety chip.

A7, the method according to A6, it is characterised in that the method further includes：

The safety chip, which receives, is not belonging to the external data that the equipment of the vehicle is sent, and according to the safety chip The external data is decrypted in the certificate or key of middle storage；The safety chip sends out the external data after decryption Send to the component of the corresponding vehicle of the external data；

Alternatively,

The safety chip receives the internal data that the component of the vehicle is sent, and according to being stored in the safety chip Certificate or key the internal data is encrypted；The safety chip sends the encrypted internal data to institute State the corresponding object of internal data.

A8, the method according to A6, it is characterised in that the method further includes：

Detect whether that unverified channel accesses the data stored in the safety chip；

If detect that unverified channel accesses the data stored in the safety chip, the unverified canal is destroyed The data that road accesses.

B9, a kind of network safety system, the system are applied to vehicle, including：

Authentication subsystem, the authentication subsystem by Public Key Infrastructure (Public Key Infrastructure, PKI the trust systems between remote service provider, vehicle-carrying communication box, gateway and automobile specified microcomputerized controller) are established；And Authentication system is established by PKI, it is corresponding for the vehicle manufacturers distribution of the vehicle by the authentication system Unique root certificate；

Upgrade subsystem, the upgrading subsystem uses

Over the air (Over-the-Air Technology, OTA) is the vehicle-carrying communication box, the gateway Upgrading channel is established with the automobile specified microcomputerized controller.

C10, a kind of vehicle, the vehicle include vehicle body, further include：

Upgrade subsystem, the upgrading subsystem uses

D11, a kind of system for carrying out vehicle network safety certification, the vehicle include vehicle-carrying communication box, gateway and Automobile specified microcomputerized controller, the system comprises：

Communication cartridge authentication module, for the order for controlling the vehicle-carrying communication box reception remote service business to send, and according to The First Certificate that Public Key Infrastructure (Public Key Infrastructure, PKI) issues in advance demonstrate,proves the order Book verifies；If the vehicle-carrying communication box certificate verifies successfully, the order is sent to the gateway；

D12, the system according to D11, it is characterised in that the system also includes：

D13, the system according to D11, it is characterised in that the system also includes：

D14, the system according to D13, it is characterised in that the upgrade package authentication module is additionally operable to：

D15, the system according to D13, it is characterised in that：

D16, the system according to D11, it is characterised in that the vehicle further includes safety chip, the pass of the vehicle The certificate and PKI that key logic, PKI are issued are default or the key that issues of dynamic is stored in institute for the vehicle communication State in safety chip.

D17, the system according to D16, it is characterised in that the safety chip further includes：

D18, the system according to D16, it is characterised in that the safety chip further includes：

E19, a kind of vehicle, including vehicle-carrying communication box, gateway, automobile specified microcomputerized controller and such as claim D11- The system of network security certification any one of D18.

F20, a kind of network safety system, including memory, processor and storage are on a memory and can be on a processor The computer program of operation, the processor realize A1-A8 any methods when performing described program.

G21, a kind of computer-readable recording medium, are stored thereon with computer program, when which is executed by processor Realize any methods of claim A1-A8.

Claims

A kind of 1. method for carrying out vehicle network safety certification, it is characterised in that the vehicle includes vehicle-carrying communication box, net Pass and automobile specified microcomputerized controller, the described method includes：

The vehicle-carrying communication box receives the order that remote service business sends, and according to Public Key Infrastructure (Public Key Infrastructure, PKI) certificate that issues in advance carries out certificate verification to the order；If the vehicle-carrying communication box card Book verifies successfully, then sends the order to the gateway；

The gateway carries out certificate verification according to the certificate that the PKI is issued in advance to the order；If the gateway Certificate verifies successfully, then sends the order to the automobile specified microcomputerized controller；

The automobile specified microcomputerized controller carries out certificate school according to the certificate that the PKI is issued in advance to the order Test；If the automobile specified microcomputerized controller certificate verifies successfully, the order is performed.
2. the method as described in claim 1, it is characterised in that the method further includes：

Whether the component root certificate that component on vehicle described in certification carries is demonstrate,proved with unique roots of the vehicle manufacturers of the vehicle Book matches, and unique root certificate is that the vehicle manufacturers that authentication system is the vehicle correspond to the root certificate of distribution, institute Authentication system is stated to establish beforehand through PKI；

If the component root certificate that the component carries is corresponding with unique root certificate, the component and the vehicle are opened Communication authority；

Otherwise the communication authority of the component and the vehicle is closed.
3. the method as described in claim 1, it is characterised in that the method further includes：

Receive the upgrade package that over the air (Over-the-Air Technology, OTA) cloud server issues；

Whether upgrade package described in certification is upgrade package that trusted servers issue；

If the upgrade package is the upgrade package that trusted servers issue, the upgrade package is write with a brush dipped in Chinese ink and is corresponded into the upgrade package Component, to upgrade the component.
4. method as claimed in claim 3, it is characterised in that whether upgrade package described in the certification is that trusted servers issue Upgrade package, including：

According to the signature mechanism of the PKI certificate combination PKI issued in advance, whether upgrade package described in certification is trusted servers The upgrade package issued.
A kind of 5. network safety system, it is characterised in that the system is applied to vehicle, including：

Authentication subsystem, the authentication subsystem establish remote service provider, vehicle-carrying communication box, net by Public Key Infrastructure Close the trust systems between automobile specified microcomputerized controller；And authentication system is established by PKI, pass through the identity Authentication system distributes corresponding unique root certificate for the vehicle manufacturers of the vehicle；

Upgrade subsystem, the upgrading subsystem uses over the air as the vehicle-carrying communication box, the gateway and described Automobile specified microcomputerized controller establishes upgrading channel.
6. a kind of vehicle, it is characterised in that the vehicle includes vehicle body, further includes：

Authentication subsystem, the authentication subsystem establish remote service provider, vehicle-carrying communication box, net by Public Key Infrastructure Close the trust systems between automobile specified microcomputerized controller；And authentication system is established by PKI, pass through the identity Authentication system distributes corresponding unique root certificate for the vehicle manufacturers of the vehicle；

Upgrade subsystem, the upgrading subsystem uses over the air as the vehicle-carrying communication box, the gateway and described Automobile specified microcomputerized controller establishes upgrading channel.
7. a kind of system for carrying out vehicle network safety certification, it is characterised in that the vehicle includes vehicle-carrying communication box, net Pass and automobile specified microcomputerized controller, the system comprises：

Communication cartridge authentication module, for controlling the vehicle-carrying communication box to receive the order that remote service business sends, and it is pre- according to PKI The First Certificate first issued carries out certificate verification to the order；If the vehicle-carrying communication box certificate verifies successfully, send It is described to order to the gateway；

Gateway authentication module, for controlling the gateway to be carried out according to the second certificate that the PKI is issued in advance to the order Certificate verifies；If the gateway certificate verifies successfully, the order is sent to the automobile specified microcomputerized controller；

Microcomputer authentication module, for the 3rd certificate for controlling the automobile specified microcomputerized controller to be issued in advance according to the PKI Certificate verification is carried out to the order；If the automobile specified microcomputerized controller certificate verifies successfully, the order is performed.
8. a kind of vehicle, it is characterised in that including vehicle-carrying communication box, gateway, automobile specified microcomputerized controller and such as right will The system for asking the network security certification any one of 7.
9. a kind of network safety system, including memory, processor and storage can be run on a memory and on a processor Computer program, it is characterised in that the processor realizes claim 1-4 any methods when performing described program.
10. a kind of computer-readable recording medium, is stored thereon with computer program, it is characterised in that the program is by processor Claim 1-4 any methods are realized during execution.